PATENT 

U.S. Patent Application No. 10/060,792 
Attorney Docket No. 0023-0220 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (currently amended) A method for accessing resources on a private 
network via an intermediary server that is outside the private network, said method
comprising:

[[(a)]] receiving a login request from a user for access to the intermediary
server that is outside the private network;

[[(b)]] authenticating the user in response to the login request;

(c) subsequently receiving a resource request from the authenticated user 
at the intermediary server, the resource request requesting a particular operation with 
respect to a resource from the private network; 

[[(d)]] obtaining access privileges for the authenticated user in response to
the resource request;

[[(e)]] determining whether the access privileges for the authenticated user 
permit the authenticated user to perform the particular operation at the private network; 
and 

[[(f)]] preventing, by the intermediary server, performance of the
particular operation at the private network such that the particular operation a response to
the resource request is not had when said determining (e) determines that if the access
privileges for the authenticated user do not permit the authenticated user to perform the
particular operation at the private network.

2. (currently amended) A method as recited in claim 1, wherein the
particular operation is one of a resource request, a file access operation or an email 
operation. 

3. (currently amended) A method as recited in claim 1, wherein said 
authenticating [[(b)]] determines whether the user is authenticated based on an external 
authentication server. 

4. (currently amended) A method as recited in claim 3, wherein the external 
authentication server is within the private network. 

5. (currently amended) A method as recited in claim 1, wherein the 
intermediary server stores the access privileges for a plurality of users. 

6. (currently amended) A method as recited in claim 1, wherein the 
intermediary server stores an authentication identifier for each of a plurality of users, the 
authentication identifier identifies identifying an external authentication server to be used 
to perform said authenticating [[(b)]]. 

7. (currently amended) A method as recited in claim 6, wherein the external 
authentication server is within the private network. 

8. (currently amended) A method as recited in claim 7, wherein the
authentication identifier comprises a network address for the external authentication 
server. 

9. (currently amended) A method as recited in claim 1, wherein the resource 
request is from a client-side application operating running on a client machine. 

10. (currently amended) A method as recited in claim 9, wherein the client-side
application is one selected from the group consisting of; a web browser, an email
application or a file access application. 

11. (currently amended) A method as recited in claim 1, wherein the user is a 
remote user. 

12. (currently amended) A method as recited in claim 1, wherein the resource 
request is from a client-side application operating running on a remote client machine. 

13. (currently amended) A method as recited in claim 1, wherein the private 
network is an intranet or a corporate network. 

14. (currently amended) A method as recited in claim 1, wherein the resource 
request is from a network browser. 

15. (currently amended) A method as recited in claim 1, wherein said method
further comprises: 

[[(g)]] performing the particular operation at the private network to 
determine a response to the resource request when said determining (e) determines that if 
the access privileges for the authenticated user permit the authenticated user to perform 
the particular operation at the private network. 

16. (currently amended) A method as recited in claim 1, wherein the 
authenticated user has an Internet Protocol (IP) address associated therewith, and 

wherein said determining [[(e)]] if the access privileges for the 
authenticated user permit the authenticated user to perform the particular operation 
comprises: 

[[(e1)]] determining whether the access privileges for the
authenticated user permit the authenticated user to perform the particular operation at the
private network; and

[[(e2)]] determining whether the IP address associated with the
user is authorized.

17. (currently amended) A method as recited in claim 16, wherein said 
determining [[(e)]] if the access privileges for the authenticated user permit the 
authenticated user to perform the particular operation further comprises: 

[[(e3)]] determining whether time-of-day restrictions are satisfied. 

18. (currently amended) A method as recited in claim 17, wherein the access
privileges comprise permitted operations, authorized IP addresses, and time-of-day
restrictions for a plurality of users the authenticated user.

19. (currently amended) A method for providing remote access to a private 
network via an intermediary server that is outside the private network, said method
comprising:

[[(a)]] receiving a login request from a remote user for access to the
intermediary server that is outside the private network;

[[(b)]] determining whether the remote user is permitted access to the
intermediary server based on the login request;

[[(c)]] granting the remote user access to the intermediary server when
said determining (b) determines that if the remote user is permitted access to the
intermediary server, the granted access also carries carrying access privileges to
predetermined portions a portion of the private network;

[[(d)]] subsequently receiving a resource request from the remote user at
the intermediary server if the remote user is granted access to the intermediary server, the
resource request requesting a particular resource on the private network;

[[(e)]] determining whether the resource request from the remote user is
permitted by the access privileges;

[[(f)]] supplying the particular resource to the remote user through the
intermediary server when said determining (e) determines that if the resource request
from the remote user is permitted by the access privileges; and

[[(g)]] denying the remote user from access to the particular resource by
the intermediary server when said determining (e) determines that if the resource request
from the remote user is not permitted by the access privileges.

20. (currently amended) A method as recited in claim 19, wherein said 
supplying [[(f)]] the particular resource comprises: 

[[(f1)]] retrieving the particular resource from a content server;

[[(f2)]] modifying at least one URL within the retrieved particular
resource; and

[[(f3)]] sending the modified particular resource to the remote user. 

21. (currently amended) A method as recited in claim 19, wherein said 
supplying [[(f)]] the particular resource comprises: 

obtaining a response to the request for the particular resource;

[[(f1)]] modifying the response so that links within the response point to
the intermediate intermediary server; and

[[(f2)]] sending the modified resource response to the remote user.

22. (currently amended) A method as recited in claim 19, wherein said
supplying [[(f)]] the particular resource comprises: 

[[(f1)]] determining a host name for a remote server hosting the particular
resource being requested; 

[[(f2)]] sending a request for the particular resource to the remote server 
based on the determined host name; and 

[[(f3)]] receiving, at the intermediary server, a response to the request 
from the remote server. 

23. (currently amended) A method as recited in claim 22, wherein said 
supplying the particular resource [[(f)]] comprises: 

[[(f4)]] modifying the response so that links within the response point to 
the intermediate intermediary server; and 

[[(f5)]] sending the modified resource response to the remote user. 

24. (currently amended) A method as recited in claim [[23]] 19, wherein the 
private network is an intranet. 

25. (currently amended) A method as recited in claim [[23]] 19, wherein the 
resource request is from a network browser. 

26. (currently amended) A method as recited in claim [[23]] 19, wherein the
resource request is from a client-side application operating running on a remote client 
machine. 

27. (currently amended) A method as recited in claim [[25]] 26, wherein the 
client-side application is selected from the group consisting includes one of: a web 
browser, an email application or a file access application. 

28. (currently amended) A method as recited in claim 19, wherein the private 
network is an intranet or other a corporate network. 

29-33. (canceled). 

34. (currently amended) A tangible computer readable medium including at 
least computer-executable program code for enabling access to resources on a private
network via an intermediary server that is outside the private network, said computer
readable medium comprising:

computer program code for receiving a login request from a user for
access to the intermediary server that is outside the private network;

computer program code for determining whether the user is permitted
access to the intermediary server in response to the login request;

computer program code for receiving a resource request from the user at
the intermediary server after it has been determined that the user is permitted access to
the intermediary server, the resource request requesting a particular operation with
respect to a resource from the private network;

computer program code for obtaining access privileges for the user in
response to the resource request;

computer program code for determining whether the access privileges for
the user permit the user to perform the particular operation at the private network; and

computer program code at the intermediary server to prevent preventing 
performance of the particular operation at the private network such that a response to the 
resource request is not had when if said computer code for determining determines that 
the access privileges for the user do not permit the user to perform the particular 
operation at the private network. 

35. (currently amended) A computer readable medium as recited in claim 34, 
wherein the particular operation is one of a resource request, a file access operation or an 
email operation. 

36. (currently amended) A computer readable medium as recited in claim 34, 
wherein said computer program code for authenticating determining whether the user is
permitted access to the intermediary server determines whether the user is authenticated 
based on an external authentication server. 

37. (currently amended) A computer readable medium as recited in claim 34,
wherein the intermediary server stores the access privileges for a plurality of users, and 

wherein the intermediary server stores an authentication identifier for each 
of a the plurality of users, the authentication identifier identifies identifying an external 
authentication server to be used to perform authentication. 

38. (currently amended) A computer readable medium as recited in claim 34, 
wherein the resource request is from a client-side application operating running on a 
client machine, and 

wherein the client-side application is selected from the group consisting 
includes one of: a web browser, an email application or a file access application. 

39. (currently amended) A computer readable medium as recited in claim 34, 
wherein said computer readable medium further comprises: 

computer program code for performing the particular operation at the 
private network to determine a response to the resource request when said computer 
program code for determining whether the access privileges for the user permit the user 
to perform the particular operation determines that the access privileges for the user 
permit the user to perform the particular operation at the private network. 

40. (currently amended) A computer readable medium as recited in claim 34, 
wherein the user has an Internet Protocol (IP) address associated therewith, and

wherein said computer program code for determining whether the access
privileges for the user permit the user to perform the particular operation comprises 
includes computer code for determining whether the access privileges for the user permit 
the user to perform the particular operation at the private network, and computer program 
code for determining whether the IP address associated with the user is authorized. 

41. (currently amended) A computer readable medium as recited in claim 40, 
wherein said computer program code for determining whether the access privileges for 
the user permit the user to perform the particular operation further comprises includes 
computer program code for determining whether time-of-day restrictions are satisfied. 

42. (currently amended) A computer readable medium as recited in claim 41, 
wherein the access privileges comprise permitted operations, authorized IP addresses, and 
time-of-day restrictions for a plurality of users. 

43. (canceled) 

44. (currently amended) A tangible computer readable medium including at 
least computer-executable program code to facilitate access to a private network via an
intermediary server that is outside the private network, said computer readable medium
comprising:

computer program code for receiving a login request from a user for
access to the intermediary server that is outside the private network;

computer program code for determining whether the user is permitted
access to the intermediary server in response to the login request;

computer program code for granting the user access to the intermediary 
server when said computer program code for determining whether the user is permitted 
access to the intermediary server determines that the user is permitted access, the granted 
access also carries carrying access privileges to predetermined portions a portion of the 
private network; 

computer program code for subsequently receiving a resource request 
from the user at the intermediary server when the user is granted access to the 
intermediary server, the resource request requesting a particular resource;

computer program code for determining whether the resource request from 
the user is permitted by the access privileges; 

computer program code for supplying the particular resource to the user 
through the intermediary server when said computer program code for determining 
whether the resource request from the user is permitted determines that the resource 
request from the user is permitted; and 

computer program code for denying the user from access to the particular 
resource when said computer program code for determining whether the resource request 
from the user is permitted determines that the resource request from the user is not 
permitted. 

45. (currently amended) A computer readable medium as recited in claim 44,
wherein said computer program code for supplying comprises:

computer program code for retrieving the particular resource from a
content server;

computer program code for modifying the particular resource by replacing
at least one URL within the particular resource; and

computer program code for sending the modified particular resource to the
user.

46. (currently amended) A computer readable medium as recited in claim 44, 
wherein said computer program code for supplying comprises: 

computer program code for modifying [[the]] a response to the resource 
request so that links within the response point to the intermediate intermediary server; 
and 

computer program code for sending the modified resource response to the
user.

47. (currently amended) A computer readable medium as recited in claim 44, 
wherein said computer program code for supplying comprises: 

computer program code for determining a host name for a remote server 
hosting the particular resource being requested;

computer program code for sending a request for the particular resource to
the remote server based on the determined host name; and 

computer program code for receiving, at the intermediary server, a 
response to the request for the particular resource from the remote server. 

48. (currently amended) A computer readable medium as recited in claim 47, 
wherein said computer program code for supplying comprises: 

computer program code for modifying the response so that links within the 
response point to the intermediate intermediary server; and 

computer program code for sending the modified resource response to the
user.

49. (currently amended) A computer readable medium as recited in claim 44, 
wherein the resource request is from a client-side application operating running on a 
remote client machine. 

50. (currently amended) A computer readable medium as recited in claim 49, 
wherein the client-side application is selected from the group consisting includes one of a
web browser, an email application or a file access application. 

51. (new) An intermediary server system comprising: 
means for sending a modified resource to a client; 

means for receiving a request for a resource from the client;

means for forwarding the received request to a remote server through a private 
network; 

means for receiving the resource from the remote server in response to the 
forwarded request; 

means for replacing a link in the received resource with a link that points to the 
intermediary server system to obtain the modified resource; 

means for authenticating the client, the means for authenticating the client 
included in a device that hosts the means for sending the modified resource to the client 
and the means for receiving the request; and 

means for controlling client access to the requested resource based on 
authentication information and access information. 

52. (new) The intermediary server system as in claim 51, further comprising: 
means for storing the authentication information and the access information, the
authentication information used to authenticate the client and the access information used
to determine if the client has a privilege to access the resource. 

53. (new) The intermediary server system as in claim 51, where the means 
for authenticating includes: 

means for permitting the client to access the private network through the 
intermediary server system if the client is successfully authenticated. 